CVE-2018-1000104

2018-03-1313:29:00

Google

osv.dev

0.0004 Low

EPSS

Percentile

5.1%

JSON

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.

CPENameOperatorVersion
coverity-plugineqcoverity-1.5.0
coverity-plugineqcoverity-1.1
coverity-plugineqcoverity-1.3.0.1
coverity-plugineqcoverity-1.4.1
coverity-plugineqcoverity-1.3.0
coverity-plugineqcoverity-1.1.2
coverity-plugineqcoverity-1.7.0
coverity-plugineqcoverity-1.5.2
coverity-plugineqcoverity-1.9.2
coverity-plugineqcoverity-1.3.1

Name	Operator	Version
coverity-plugin	eq	coverity-1.5.0
coverity-plugin	eq	coverity-1.1
coverity-plugin	eq	coverity-1.3.0.1
coverity-plugin	eq	coverity-1.4.1
coverity-plugin	eq	coverity-1.3.0
coverity-plugin	eq	coverity-1.1.2
coverity-plugin	eq	coverity-1.7.0
coverity-plugin	eq	coverity-1.5.2
coverity-plugin	eq	coverity-1.9.2
coverity-plugin	eq	coverity-1.3.1

Rows per page:

1-10 of 341

References

jenkins.io/security/advisory/2018-02-26/#SECURITY-260

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2018-1000104